package com.encryption.service.ca.impl;

import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import com.encryption.service.ca.CAEnrollFacade;
import com.encryption.service.ca.CAService;
import com.encryption.service.ca.KeyManager;
import com.encryption.service.ca.identify.model.CAServiceResult;
import com.encryption.service.ca.util.CAConstants;
import com.encryption.service.ca.util.CertificateUtil;
import com.encryption.service.ca.util.CryptoUtil;
import com.encryption.service.ca.util.HexUtil;
import com.encryption.service.ca.util.PropertyLoader;
import com.sun.org.apache.xml.internal.security.utils.Base64;

/**
 * 
 * @author user
 * @version $Id: CAServiceImpl.java,v 0.1 2012-10-4 ����11:03:51 user Exp $
 */
public class CAServiceImpl implements CAService, CAConstants {
    private CAEnrollFacade caEnrollFacade = new CAEnrollFacadeImpl();
    
    private KeyManager     keyManager     = new KeyManagerImpl();
    
    public CAServiceResult generatePKCS7(String userId, String userName, String csr, String caType)
                                                                                          throws CertificateParsingException,
                                                                                          Exception {
        Security.addProvider(new BouncyCastleProvider());
        X509Certificate userCert = caEnrollFacade.engineEnroll(userId, userName, csr, caType);
        
        //setting!
        X509Certificate caCert = CertificateUtil.getInstanceFromFile(PropertyLoader
            .get(CA_FILE_PATH));
        
        String certThrumbId = CryptoUtil.getThumbPrint(userCert);
        String certSn = HexUtil.bigIntegerToHexString(userCert.getSerialNumber());
        CAServiceResult result = new CAServiceResult();
        result.setCertSn(certSn);
        result.setUserCertThrumbId(certThrumbId);
        result.setCertB64String(Base64.encode(userCert.getEncoded()));
        RSAPrivateKey caPrvKey = (RSAPrivateKey) keyManager.getKey(CA_PRIV_KEY01_NAME);
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSigner(caPrvKey, (X509Certificate) caCert, CMSSignedDataGenerator.DIGEST_SHA1);
        //ǩ��
        String text = "lop";
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        certList.add(userCert);
        certList.add(caCert);
        CertStore certStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(certList), "BC");
        generator.addCertificatesAndCRLs(certStore);
        CMSSignedData signedData = generator.generate(new CMSProcessableByteArray(text.getBytes()),
            true, "BC");
        result.setP7pkg(Base64.encode(signedData.getEncoded()));
        return result;
    }


}
